基于POF的网络窃听攻击移动目标防御方法

doi:10.11959/j.issn.1000-436x.2018025

Abstract

Abstract:

Eavesdropping attack hereby was the major attack for traditional network communication.As this kind of attacks was stealthy and untraceable,it was barely detectable for those feature detection or static configuration based passive defense approaches.Since existing encryption or dynamic address methods could only confuse part of fields of network protocols,they couldn’t form a comprehensive protection.Therefore a moving target defense method by utilizing the protocol customization ability of protocol-oblivious forwarding (POF) was proposed,through private protocol packet randomization strategy and randomly drop deception-packets on dynamic paths strategy.It could greatly increase the difficulty of implementing network eavesdropping attack and protect the privacy of the network communication process.Experiments and compare studies show its efficiency.

Key words: moving target defense, eavesdropping attack, protocol randomization, cyber space deception

CLC Number:

TP393

Duohe MA,Qiong LI,Dongdai LIN. Moving target defense against network eavesdropping attack using POF[J]. Journal on Communications, 2018, 39(2): 73-87.

Figures/Tables 11

模型	协议空间	路径空间	封包空间	消息内容空间	抗数据分组窃听	抗会话消息窃听
IP MTD	32	0	0	0	P	×
Port MTD	16	0	0	0	×	×
End MTD	48	0	0	0	P	×
MT6D	128	0	0	0	P	×
POFMTD	12 000	$\ln (S i z e (S S_{r}))$	$\ln (S i z e (S S_{p}))$	$\ln (S i z e (S S_{m}))$	√	√

References 37

[1]	ZHANG P , JIANG Y , LIN C ,et al. P-coding:secure network coding against eavesdropping attacks[C]// INFOCOM. 2010: 1-9.
[2]	XIA H D,JOSé C B , . Hardening web browsers against man-in-themiddle and eavesdropping attacks[C]// The 14th International Conference on World Wide Web. 2005.
[3]	KEWLEY D , FINK R , LOWRY J ,et al. Dynamic approaches to thwart adversary intelligence gathering[C]// DARPA Information Survivability Conference ＆ Exposition II. 2001: 176-185.
[4]	CHOI H , PATRICK M D , THOMAS F ,et al. Privacy preserving communication in MANETs[C]// The 4th Annual IEEE Communications Society Conference on Sensor,Mesh and Ad Hoc Communications and Networks. 2007: 233-242.
[5]	HWANG H , JUNG G , SOHN K ,et al. A study on MITM (man in the middle) vulnerability in wireless network using 802.1 X and EAP[C]// International Conference on Information Science and Security. 2008: 164-170.
[6]	WAGNER R . Address resolution protocol spoofing and man-in-themiddle attacks[J]. The SANS Institute, 2001
[7]	SYVERSON P F , GOLDSCHLAG D M , REED M G . Anonymous connections and onion routing[C]// IEEE Symposium on Security and Privacy. 1997: 44-54.
[8]	ZHANG P , JIANG Y , LIN C ,et al. Padding for orthogonality:Efficient subspace authentication for network coding[C]// INFOCOM. 2011: 1026-1034.
[9]	SIFALAKIS M , SCHMID S , HUTCHISON D . Network address hopping:a mechanism to enhance data protection for packet communications[C]// 2005 IEEE International Conference on Communications. 2005: 1518-1523.
[10]	JAJODIA S , GHOSH A K , SWARUP V ,et al. Moving target defense:creating asymmetric uncertainty for cyber threats[J]. Springer Ebooks, 2011:54.
[11]	ANTONATOS S , AKRITIDIS P , MARKATOS E P ,et al. Defending against hitlist worms using network address space randomization[J]. Computer Networks, 2007,51(12): 3471-3490.
[12]	JAFARIAN J H , AL-SHAER E , DUAN Q . OpenFlow random host mutation:Transparent moving target defense using software defined networking[C]// The First Workshop on Hot Topics in Software Defined Networks. 2012: 127-132.
[13]	DUNLOP M , GROAT S , URBANSKI W ,et al. MT6D:a moving target IPv6 defense[C]// Military Communications Conference. 2011: 1321-1326.
[14]	LEE H C J , THING V L L . Port hopping for resilient networks[C]// Vehicular Technology Conference. 2004: 3291-3295.
[15]	ERIKSSON J , FALOUTSOS M , SRIKANTH V ,et al. Routing amid colluding attackers[C]// IEEE International Conference on Network Protocols, 2007.
[16]	REED M , GOLDSCHLAG D . Onion routing[J]. Communications of the ACM, 1999(42): 39-41.
[17]	GOLDSCHLAG D M , MICHAEL G R , PAUL F . Syverson hiding routing information[J]. Information Hiding,Springer Berlin Heidelberg, 1996,1174: 137-150.
[18]	SHI L , JIA C . Lü S ,et al. Port and address hopping for active cyber-defense[C]// Intelligence and Security Informatics. Springer Berlin Heidelberg, 2007: 295-300.
[19]	CHOWDHARY A , SANDEEP P , DIJIANG H . SDN based scalable MTD solution in cloud network[J]// 2016 ACM Workshop on Moving Target Defense. 2016: 27-36.
[20]	SONG H , GONG J , CHEN H ,et al. Unified POF programming for Diversified SDN Data Plane[J]. Eprint Arxiv, 2014: 92-97.
[21]	AL-SHAER E . Toward network configuration randomization for moving target defense[J]. Moving Target Defense,Springer New York, 2011: 153-159.
[22]	ASOKAN N , VALTTERI N , KAISA N . Man-in-the-middle in tunnelled authentication protocols[C]// International Conference on Security Protocols. 2003: 42-48.
[23]	BOSSHART P , DAN D , IZZARD M ,et al. Programming protocol-independent packet processors[J]. ACM Sigcomm Computer Communication Review, 2013,44(3): 87-95.
[24]	WANG Z , WANG L , GAO X ,et al. An architecture of content-centric networking over protocol-oblivious forwarding[C]// IEEE Globecom Workshops. 2015: 1-5.
[25]	TAN X , ZOU S , GUO H ,et al. POFOX:towards controlling the protocol oblivious forwarding network[C]// Advances in Parallel and Distributed Computing and Ubiquitous Services. Springer Singapore, 2016.
[26]	HU D , LI S , XUE N ,et al. Design and demonstration of SDN-based flexible flow converging with protocol-oblivious forwarding (POF)[C]// IEEE Global Communications Conference. 2015: 1-6.
[27]	CORBETT C , UHER J , COOK J ,et al. Countering intelligent jamming with full protocol stack agility[J]. IEEE Security ＆ Privacy Magazine, 2014,12(2): 44-50.
[28]	张朝昆, 崔勇, 唐翯祎 ,等. 软件定义网络 (SDN) 研究进展[J]. 软件学报, 2015,26(1): 62-81.
	ZHANG C K , CUI Y , TANG H Y ,et al. State-of-the-art survey on software-defined networking (SDN)[J]. Journal of Software, 2015,26(1): 62-81.
[29]	CARROLL T E , CROUSE M , FUIP E W ,et al. Analysis of network address shuffling as a moving target defense[C]// 2014 IEEE International Conference on Communications (ICC). 2014: 701-706.
[30]	石乐义, 贾春福, 吕述望 . 基于端信息跳变的主动网络防护研究[J]. 通信学报, 2008,29(2): 106-110.
	SHI L Y , JIA C F , LYU S W . Research on end hopping for active network confrontation[J]. Journal on Communications, 2008,29(2): 106-110.
[31]	MA D , XU Z , LIN D . A moving target defense approach based on POF to thwart blind DDoS attack[C]// International Conference on Computer Communications ＆ Networks. 2015.
[32]	李佟, 葛敬国, 鄂跃鹏 ,等. 基于标签的 POF 网络虚拟化技术研究[J]. 计算机应用研究, 2017,34(3).
	LI T , GE J G , E Y P ,et al. Label-based POF network virtualization[J]. Application Research of Computers, 2017,34(3).
[33]	MA D H , WANG L , LEI C ,et al. Thwart eavesdropping attacks on network communication based on moving target defense[C]// Performance Computing and Communications Conference (IPCCC). 2017: 1-2.
[34]	JAJODIA S , WANG C , SUBRAHMANIAN V ,et al. Cyber deception[M]. Springer International Publishing, 2016.
[35]	JAJODIA S , PARK N , PIERAZZI F ,et al. A probabilistic logic of cyber deception[J]. IEEE Transactions on Information Forensics ＆Security, 2017(99): 1-1.
[36]	ALBANESE M , BATTISTA E , JAJODIA S . Deceiving attackers by creating a virtual attack surface[M]// Cyber Deception. Springer International Publishing, 2016.
[37]	AL-SHAER E , GILLANI S F . Agile virtual infrastructure for cyber deception against stealthy DDoS attacks[M]// Cyber Deception. Springer International Publishing, 2016.

Metrics

Recommended 0

No Suggested Reading articles found!

消息分组数量	欺骗分组数量	协议数量	传输路径数（含S₁→S₂）	窃听数据分组比例	重组会话成功率	通信端接收数据分组比例
10	0	1（标准UDP）	1	100%	100%	100%
9	1	1(私有协议)	1	100%(含欺骗数据)	0(fail)	100%（不含欺骗数据）
100	0	2(私有协议)	2	35%	0(fail)	100%
1 000	0	5(私有协议)	2	30%	0(fail)	100%
10 000	0	5(私有协议)	4	5%~11%	0(fail)	95%~100%

Moving target defense against network eavesdropping attack using POF

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 11

References 37

Related Articles 7

Metrics

Recommended 0

[1]	Xiaoyu XU, Hao HU, Hongqi ZHANG, Yuling LIU. Random routing defense method based on deep deterministic policy gradient [J]. Journal on Communications, 2021, 42(6): 41-51.
[2]	Fucai CHEN,Weizhen HE,Guozhen CHENG,Shumin HUO,Dacheng ZHOU. Design of key technologies for intranet dynamic gateway based on DPDK [J]. Journal on Communications, 2020, 41(6): 139-151.
[3]	Jinglei TAN,Hengwei ZHANG,Hongqi ZHANG,Hui JIN,Cheng LEI. Optimal strategy selection approach of moving target defense based on Markov time game [J]. Journal on Communications, 2020, 41(1): 42-52.
[4]	JIANG Lyu,ZHANG Hengwei,WANG Jindong. Optimal strategy selection method for moving target defense based on signaling game [J]. Journal on Communications, 2019, 40(6): 128-137.
[5]	Cheng LEI,Duo-he MA,Hong-qi ZHANG,Qi HAN,Ying-jie YANG. Network moving target defense technique based on optimal forwarding path migration [J]. Journal on Communications, 2017, 38(3): 133-143.
[6]	Yi-xun HU,Kang-feng ZHENG,Yi-xian YANG,Xin-xin NIU. Moving target defense solution on network layer based on OpenFlow [J]. Journal on Communications, 2017, 38(10): 102-112.
[7]	Cheng LEI,Duo-he MA,Hong-qi ZHANG,Ying-jie YANG,Miao WANG. Performance assessment approach based on change-point detection for network moving target defense [J]. Journal on Communications, 2017, 38(1): 126-140.